Password Cracker

Recovers passwords as plaintext by various means (usually brute force).

ShoWin

Show information about Windows. Reveal passwords etc.

ShoWin displays useful information about windows by dragging a cursor over them.

Perhaps one of the most popular uses of this program is to display hidden password editbox fields (text behind the asterisks *****). This will work in many programs although Microsoft have changed the way things work in some of their applications, most notably MS Office products and Windows 2000. ShoWin will not work in these cases. Neither will it work for password entry boxes on web pages, at least with most web browsers.

Additional features include the ability to enable windows that have been disabled, unhide hidden windows (try the program with the include invisibles option set and see how many windows you have on your desktop that you didn't know about!) and force windows to stay on top or be placed below others.

DumpAutoComplete

Dump Firefox AutoComplete files into XML
GPL Version 2

This application will search for the default Firefox profile of the user who runs the tool and dump the AutoComplete cache in XML format to standard output. Alternatively, autocomplete files can be passed to the application and they will be parsed as well. This application understands mork based autocomplete files (Firefox 1.x) as well as SQLite based formhistory and webappsstore files (Firefox 2.x).

The download package contains a standalone Windows application. MSVCR71.dll may be needed on systems that do not already have this file. The full Python source code is also included and can be run on Windows, Mac OS X, Linux, or any other system with Python installed (the additional "pysqlite2" module is required for SQLite based file parsing).

Usage:
dumpAutoComplete [formhistory[.dat|.sqlite]]

Example Usage:
C:\Bin\> dumpAutoComplete > mydata.xml
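As an added example (not DumpAutoComplete's own code), this is the SQLite half of what the tool does: open a formhistory.sqlite, read the moz_formhistory table and emit it as XML. The table layout (fieldname/value columns) is the assumed Firefox 2.x schema, the rows are constructed, and the XML element names are my own rather than the tool's output format. The credential_like() filter is an addition: form history never holds password fields, but the user names and e-mail addresses it does hold are exactly what a password-guessing run needs.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Assumed Firefox 2.x formhistory.sqlite layout: a moz_formhistory table with
# fieldname/value columns. Newer Firefox versions add columns (timesUsed,
# firstUsed, lastUsed, guid) but keep these two, so the query below still works.
FORMHISTORY_SCHEMA = (
    "CREATE TABLE moz_formhistory ("
    "id INTEGER PRIMARY KEY, fieldname LONGVARCHAR, value LONGVARCHAR)"
)

# Constructed sample rows standing in for a real profile's form history.
SAMPLE_ROWS = [
    ("username", "jdoe"),
    ("email", "jdoe@example.com"),
    ("searchbar-history", "lsa secrets creddump"),
]

# Field names that commonly hold a login identifier.
CREDENTIAL_HINTS = ("user", "login", "email", "account")


def make_sample_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(FORMHISTORY_SCHEMA)
    conn.executemany(
        "INSERT INTO moz_formhistory (fieldname, value) VALUES (?, ?)", SAMPLE_ROWS
    )
    conn.commit()
    return conn


def open_formhistory(path: str) -> sqlite3.Connection:
    """Open a real formhistory.sqlite read-only. Firefox keeps the file open
    while it runs, so copy it out of the profile first rather than reading it
    live from the running browser's profile directory."""
    return sqlite3.connect(f"file:{path}?mode=ro", uri=True)


def read_entries(conn: sqlite3.Connection) -> list:
    """Return (fieldname, value) pairs in insertion order."""
    cur = conn.execute("SELECT fieldname, value FROM moz_formhistory ORDER BY id")
    return [(fieldname, value) for fieldname, value in cur]


def to_xml(entries) -> str:
    """Serialise entries as <formhistory><entry><fieldname/><value/></entry>...</formhistory>.
    The element names are this example's own, not the tool's format."""
    root = ET.Element("formhistory")
    for fieldname, value in entries:
        entry = ET.SubElement(root, "entry")
        ET.SubElement(entry, "fieldname").text = fieldname
        ET.SubElement(entry, "value").text = value
    return ET.tostring(root, encoding="unicode")


def credential_like(entries) -> list:
    """Entries whose field name suggests a login identifier (user name, e-mail)."""
    return [(f, v) for f, v in entries
            if any(hint in f.lower() for hint in CREDENTIAL_HINTS)]


if __name__ == "__main__":
    entries = read_entries(make_sample_db())
    print(to_xml(entries))
    print("identifiers:", credential_like(entries))
```

To run it against a real profile, replace make_sample_db() with open_formhistory("/path/to/copy/of/formhistory.sqlite"); the read-only URI keeps the script from touching the copy.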

FScrack

GUI for John the Ripper

FSCrack is a front end for John the Ripper (JtR) that provides a graphical user interface (GUI) for access to most of JtR’s functions.

JtR is described as follows (from http://www.openwall.com/john/): "John the Ripper is a fast password cracker, currently available for many flavors of Unix (11 are officially supported, not counting different architectures), DOS, Win32, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords. Besides several crypt (3) password hash types most commonly found on various Unix flavors, supported out of the box are Kerberos AFS and Windows NT/2000/XP/2003 LM hashes, plus several more with contributed patches."

System Requirements
John the Ripper binary (win32) written by Solar Designer. Available at http://www.openwall.com/john/
.Net framework 2.0. Available at: http://msdn.microsoft.com/netframework/downloads/updates/default.aspx
(Optional) NTLM (MD4) hash support patch written by Olle Segerdahl. Available at: http://olle.nxs.se/software/john-ntlm/

Password Changer

It does as the name says: changes a forgotten Windows password without having to re-install and re-configure the computer.

Huge Dictionary File

Just what is stated. A HUGE dictionary file I found while surfing the interwebs.

NBTEnum

NetBIOS Enumeration Utility (NBTEnum) is a utility for Windows that can be used to enumerate NetBIOS information from one host or a range of hosts. The enumerated information includes the network transports, NetBIOS name, account lockout threshold, logged on users, local groups and users, global groups and users, and shares.

If run under the context of a valid user account, additional information is enumerated, including operating system information, services, installed programs, Auto Admin Logon information and encrypted WinVNC/RealVNC passwords. This utility will also perform password checking with the use of a dictionary file. Runs on Windows NT 4.0/2000/XP/2003. Perl source included.

Examples :

* nbtenum -q 192.168.1.1 - Enumerates NetBIOS information on host 192.168.1.1 as the null user.
* nbtenum -q 192.168.1.1 johndoe "" - Enumerates NetBIOS information on host 192.168.1.1 as user "johndoe" with a blank password.
* nbtenum -a iprange.txt - Enumerates NetBIOS information on all hosts specified in the iprange.txt input file as the null user and checks each user account for blank passwords and passwords the same as the username in lower case.
* nbtenum -s iprange.txt dict.txt - Enumerates NetBIOS information on all hosts specified in the iprange.txt input file as the null user and checks each user account for blank passwords and passwords the same as the username in lower case, and all passwords specified in dict.txt if the account lockout threshold is 0.
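The guessing policy in the -a and -s examples above, written out as an added illustration (this is not NBTEnum's Perl code): blank and lowercase-username are always tried, the dictionary only in -s mode and only when the enumerated lockout threshold is 0. The account table is constructed so the check can run without a network; on a real host the two fixed guesses still count as attempts, so the caller must compare them against any non-zero threshold as well.

```python
# Guesses nbtenum's -a / -s modes try for one account, as described on the page.
# lockout_threshold is assumed to be the value enumerated from the host (0 = none).
def candidate_passwords(username, dictionary=(), lockout_threshold=0,
                        use_dictionary=False):
    guesses = ["", username.lower()]          # blank and lowercase username: always tried
    if use_dictionary and lockout_threshold == 0:   # -s mode, and only when lockout cannot trigger
        for word in dictionary:
            if word not in guesses:
                guesses.append(word)
    return guesses


# Constructed account table standing in for a host's password store.
SAMPLE_ACCOUNTS = {
    "Administrator": "Summer2008",
    "JohnDoe": "johndoe",
    "svc_backup": "",
}


def find_weak_accounts(accounts, dictionary=(), lockout_threshold=0,
                       use_dictionary=False):
    """Simulate the check offline: return {username: guess} for accounts that
    accepted one of their candidate passwords."""
    found = {}
    for user, real_password in accounts.items():
        for guess in candidate_passwords(user, dictionary, lockout_threshold,
                                         use_dictionary):
            if guess == real_password:
                found[user] = guess
                break
    return found


if __name__ == "__main__":
    # -a style run: no dictionary
    print(find_weak_accounts(SAMPLE_ACCOUNTS))
    # -s style run with a lockout threshold of 0: dictionary is used
    print(find_weak_accounts(SAMPLE_ACCOUNTS, ["Summer2008"], 0, True))
    # -s style run where lockout is configured: dictionary is skipped
    print(find_weak_accounts(SAMPLE_ACCOUNTS, ["Summer2008"], 5, True))
```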

Keimpx

keimpx is an open source tool, released under a modified version of Apache License 1.1.

It can be used to quickly check for the usefulness of credentials across a network over SMB. Credentials can be:

* Combination of user / plain-text password.
* Combination of user / NTLM hash.
* Combination of user / NTLM logon session token.

If any valid credentials have been discovered across the network after its attack phase, the user is asked to choose which host to connect to and which valid credentials to use, and is then given an interactive SMB shell where the user can:

* Spawn an interactive command prompt.
* Navigate through the remote SMB shares: list, upload, download files, create, remove files, etc.
* Deploy and undeploy their own service, for instance a backdoor listening on a TCP port for incoming connections.
* List users details, domains and password policy.

Hydra

Hydra is a tool that can guess/crack valid login/password pairs extremely quickly. It supports a great many protocols. Variants exist for both Windows and Unix.

Currently Hydra supports attacks against the following services:

TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, RSH, RLOGIN, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Postgres, Teamspeak, Cisco auth, Cisco enable, Cisco AAA

Installation:

./configure
make
make install

Prerequisites:

libssh2. If the build does not pick it up, libssh2.so may need to be symlinked from its installed location into /lib so that Hydra detects it at configure time and builds the ssh module.

Creddump

creddump is a python tool to extract various credentials and secrets from Windows registry hives. It currently extracts:

* LM and NT hashes (SYSKEY protected)
* Cached domain passwords
* LSA secrets

It essentially performs all the functions that bkhive/samdump2, cachedump, and lsadump2 do, but in a platform-independent way.

It is also the first open-source tool that does all of these things offline (Cain & Abel does too, but it is closed source and only available on Windows).

CMOT

CMOT lets you submit MD5 and other hashes to online cracking services. Numerous such services exist; this and similar tools submit a hash to several of them at once, in the hope that one returns a match and you can log in with the recovered password.
